RE: Oracle Chief Challenges Hackers

[InfoSec News <isn () c4i org>]

Forwarded from: Marc Maiffret <marc () eeye com>

Hey so what's fault tolerant have to do with the fact that oracle
software has had many many bugs, even more than SQL. Fault tolerant is
nice but doesn't really mean shit if your programmers are leaving
gaping buffer overflows left and right in your code.

50 machines in the same "cluster" all vulnerable to the same bug just
means 50 owned machines instead of 1.

Signed,
Marc Maiffret
Chief Hacking Officer
eEye Digital Security
T.949.349.9062
F.949.349.9538
http://eEye.com/Retina - Network Security Scanner
http://eEye.com/Iris - Network Traffic Analyzer
http://eEye.com/SecureIIS - Stop known and unknown IIS vulnerabilities

| -----Original Message-----
| From: owner-isn () attrition org [mailto:owner-isn () attrition org]On Behalf
| Of InfoSec News
| Sent: Wednesday, November 14, 2001 11:22 PM
| To: isn () attrition org
| Subject: [ISN] Oracle Chief Challenges Hackers
|
|
| http://www.pcworld.com/news/article/0,aid,70663,00.asp
|
| James Niccolai, IDG News Service
| Tuesday, November 13, 2001
|
| LAS VEGAS -- Oracle's top executive told computer hackers on Monday
| night that his software is so secure they would never be able to break
| into Oracle's Web site, a boast that may be taken by many as a
| challenge.
|
| "This is a very dangerous thing to say--I'm not inviting a bunch of
| hackers to bring down the Oracle Web site," said Larry Ellison,
| Oracle's chair and chief executive officer. "But so far, with more
| than 1000 attacks a day, we've had no downtime, no interruption of
| service."
|
| Ellison made his remarks in a keynote speech at Comdex on Monday
| night, which he used to deliver a lecture on the stability of Oracle's
| software--particularly when used in clustered configurations--compared
| with those of his rival Microsoft.
|
| The database giant recently launched an advertising campaign with the
| slogan "Unbreakable", which is meant to suggest that Oracle's software
| doesn't break down and can't be broken into.
|
| "Everyone at Oracle was very nervous," Ellison said. "We're just going
| to cause every hacker around the world to attack the Oracle sites.
| They said, Larry, are you crazy?"
|
| Sure enough, the number of hackers trying to bring down Oracle's Web
| site has increased tenfold since the company started the campaign, to
| 1000 attacks a day, according to Ellison. But his nerve is holding
| steady.
|
| "The new version of Oracle is completely fault-tolerant," he said.
| "You can't break in."
|
| The fault tolerance comes from using what Oracle calls Real
| Application Clusters, or using groups of servers to access a database
| for improved redundancy. If one of the servers goes down, the workload
| is shifted to another server and the application, such as a Web site,
| stays up. He asserted that Oracle's clustering system is more
| effective than those offered by rivals Microsoft and IBM.
|
| On a similar theme, the Oracle chief announced a program designed to
| entice users of Microsoft's e-mail server software to switch to the
| Oracle 9i database, which can act as a mail server. Companies running
| ten or more Microsoft Exchange servers could cut costs by switching to
| 9i, he said.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.